The implementation of the "School-School Connect" project has greatly promoted the reform of school education, teaching and management. However, while building their networks, many schools have neglected campus network security, including how to protect campus network servers and keep hackers out, and how to filter websites so that unhealthy sites do not affect students. Following the principle of zero cost and high efficiency, this article describes some uses of free Linux software in building a green campus network.
Web server protection
1. Configuring Apache. First install the Linux gateway. I use Redhat, which is easy to install and easy to use; you can download Redhat 7.2. Installing Redhat 7.2 also installs Apache, Squid and so on, so they only need some simple configuration before use.
After Redhat 7.2 is installed, Apache does not run by default, so first enable httpd to start Apache. Then modify the /etc/httpd/conf/ configuration file.
LoadModule proxy_module modules/
AddModule mod_proxy.c
NameVirtualHost 210.77. #The real IP of the gateway
#The real IP corresponding to the domain name
ServerName #The domain name of the Web server
ProxyPass / http://192.168.1.1/ #Web server IP
ProxyPassReverse / http://192.168.1.1/ #Web server IP
2. Working principle: The internal Web host's domain name resolves to the external network card of the Linux gateway. When the gateway receives a request, it automatically forwards it to 192.168.1.1. After receiving the response from 192.168.1.1, it rewrites the source address to the gateway's real IP address and returns the response to the Internet user. Outside hackers therefore never see the real web server, which effectively protects it.
Website filtering
1. Configuration of proxy server Squid
As above, enable Squid first to ensure that the Squid proxy server works properly. Modify the /etc/squid/ configuration file.
http_port 3128 #Define the port on which Squid listens for HTTP client requests
cache_mem 10 MB #Squid's ideal memory value, always set to 1/3 of physical memory.
cache_swap_high 95
cache_swap_low 90
maximum_object_size 4096 KB #Objects larger than this value will not be stored
cache_dir ufs /var/spool/squid/cache 200 16 256 #Specify the swap space Squid uses to store objects and its directory structure
acl all src 192.168.1.1/24 #Define all as the 192.168.1.1 network segment
http_access allow all #Clients on the 192.168.1.1 network segment can use the Squid proxy to access the Internet.
cache_effective_user squid #User and group that Squid runs as
cache_effective_group squid
(Leave the other parameters at their defaults.)
[root@squid bin]# chmod 777 /var/spool/squid/cache (give the nobody user write permission on the /var/spool/squid/cache directory)
[root@squid bin]# squid -z (create the Squid cache directory /var/spool/squid/cache)
[root@squid bin]# /etc///squid start (start Squid; stop it with /etc///squid stop)
Test on the client side, taking Windows as an example. Run IE, click "Tools", then "Internet Options", then the "Connection" tab, then "LAN Settings". In the "LAN Settings" window, enter the IP address of the Squid server, 192.168.1.16, at "Address" and "3128" at "Port", then confirm and exit. The client should now be able to browse the Internet, which shows that Squid is running normally.
Below is the configuration of the website filtering function.
2. Install Berkeley DB
Download db-2.7. from http:// and save it in the /usr/local/squidGuard/src/ directory
#cd /usr/local/squidGuard/src/
#tar xvzf db-2.7.
#cd db-2.7.7
#cd build_unix
#../dist/configure
#make
#make install
(Default installation to /usr/local/BerkeleyDB directory)
Note: squidGuard does not support the Berkeley DB version.
3. Installation and configuration of SquidGuard
#rpm -ivh squidGuard-1.2.0-3.
(After installation, the data directory dbhome is /var/squidGuard/blacklists and the log directory logdir is /var/log/squidGuard)
Follow the prompts to modify the relevant configuration lines in the /etc/squid/ file:
redirect_program /usr/sbin/squidGuard -c /etc/squid/squidGuard.conf
redirect_children 5
Restart Squid and check /var/log/squidGuard/. If the last line reads: 2002-05-23 16:13:18[2237] SquidGuard Ready for Requests, SquidGuard is running normally. If a blocked website is redirected to the specified web page, the filtering function is working. (Note: SquidGuard-1.2.0-3. download address: ftp://./pub/SquidGuard/)
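How Squid talks to the program named in redirect_program, as an added example that is not part of the original article and is not squidGuard's own code: Squid writes one request per line (URL, client address, ident, method) to the helper's standard input and reads back either a replacement URL or an empty line. The domain list, the block-page URL and the function names are assumptions made for the illustration.

```python
import sys
from urllib.parse import urlsplit

# Constructed sample values, not taken from the article or from a real blacklist.
BLOCKED_DOMAINS = {"blocked.example", "games.example"}
BLOCK_PAGE = "http://192.168.1.1/blocked.html"  # hypothetical page on the internal Web server


def host_of(url):
    """Return the lower-cased host of a request URL, or None if it cannot be parsed."""
    # CONNECT requests arrive as "host:port" without a scheme.
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a listed domain or a subdomain of one (whole labels only)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def rewrite(line, blocked=BLOCKED_DOMAINS, block_page=BLOCK_PAGE):
    """Answer one redirector request line: 'URL client_ip/fqdn ident method'.

    Returns the replacement URL, or '' to tell Squid to fetch the URL unchanged.
    """
    fields = line.split()
    if not fields:
        return ""  # malformed request: this example passes it through
    host = host_of(fields[0])
    if host and is_blocked(host, blocked):
        return block_page
    return ""


def main():
    # Squid keeps the helper running and expects exactly one reply line per request.
    for line in sys.stdin:
        sys.stdout.write(rewrite(line) + "\n")
        sys.stdout.flush()  # unflushed replies would stall the proxy


if __name__ == "__main__":
    main()
```

Matching on whole domain labels keeps a listed name from also blocking unrelated hosts that merely contain it as a substring.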
Advantages of the method
It is easy to configure and has low hardware requirements; retired 486 and 586 machines are generally fully adequate. All of the software is free, and the blocked list is updated quickly: just download the latest version of the blocked list database to replace the old one. You can also add entries to the blocked list or remove them by hand. Squid can also set the Internet time period, which makes it flexible and convenient to use. (Source: CIDI.com--China Computer Education News)